A program that repeatedly forks and waits is susceptible to having the
same pid repeated, especially when it competes with another instance
of the same program.

* CVE-2011-1577: Missing boundary checks in GPT partition handling.

A heap overflow flaw in the Linux kernel's EFI GUID Partition Table
(GPT) implementation could allow a local attacker to cause a denial of
service by mounting a disk that contains specially crafted partition
tables. (CVE-2011-1577, Low)

* Denial of service in Data Center Bridging.

A spinlock is not unlocked in dcbnl_ieee_get on an error path,
potentially leading to a denial of service. dcbnl_getapp may dereference
a NULL pointer, also potentially leading to a denial of service.

* CVE-2011-4110: Denial of service in kernel key management facilities.

A flaw in the way user-defined key types were handled allowed an
unprivileged local user to crash the system via a NULL pointer
dereference and kernel OOPS.

* Improved fix for CVE-2011-2495: Information leak in /proc/PID/io.

The original patch for CVE-2011-2495, which added missing access
checks in /proc/PID/io, contained a race condition. This race condition
could be used to obtain I/O statistics for a privileged process, which could
in turn be used to gather sensitive information (e.g. ssh/ftp password
length).

* CVE-2011-3638: Disk layout corruption bug in ext4 filesystem.

When splitting two extents in ext4_ext_convert_to_initialized(), an
extent was incorrectly not dirtied, resulting in the disk layout being
corrupted, which will eventually cause a kernel crash.

* CVE-2011-4330: Buffer overflow in HFS file name translation logic.

Clement Lecigne reported a flaw in the way the HFS filesystem
implementation handled file names larger than HFS_NAMELEN. A
missing length check in hfs_mac2asc could result in a buffer
overflow.

* Privilege escalation in Sun RPC credential cache.

A programming mistake in the cache of recently used Sun RPC
credentials may allow access to be incorrectly granted to
processes with certain group lists.

* CVE-2011-2525: Denial of Service in packet scheduler API.

A flaw allowed the tc_fill_qdisc() function in the Linux kernel's
packet scheduler API implementation to be called on built-in qdisc
structures. A local, unprivileged user could use this flaw to trigger
a NULL pointer dereference, resulting in a denial of service.
(CVE-2011-2525, Moderate)

* Wrong reserved DMA addresses in AMD IOMMU.

An arithmetic error in the AMD IOMMU driver caused incorrect
addresses to be reserved for DMA.

* Denial of service in NFSv4 server open downgrade operation.

The WANT bits in the NFSv4 open downgrade operation could
potentially be used to trigger a denial of service (kernel BUG).

* Corruption with sendfile to non-sockets.

A flaw in the direct_splice_actor function could cause corruption in
userspace when using the sendfile system call with output files other
than sockets.

* CVE-2011-1020: Missing access restrictions in /proc subsystem.

The proc filesystem implementation did not restrict access to the
/proc directory tree of a process after that process performed an exec
of a setuid program, which allowed local users to obtain sensitive
information or potentially cause other integrity issues.
